Malware Analytics for Social Networking

  • Deepak Subramanian
  • Peter Kok Keong Loh
Chapter
Part of the Gaming Media and Social Effects book series (GMSE)

Abstract

In this chapter, Subramanian and Loh present and evaluate a novel behavioural malware analysis technique that could be used in the above scenarios for runtime input validation. They focus on adaptive, behavioural analytics that evaluate and classify malware that could infect social network enterprise platforms during runtime. A customised design framework is also presented and its performance is evaluated on actual malware samples found in a real-world scenario. Subramanian and Loh show that the use of adaptive analytics helps improve malware detection on social networks over time.

Copyright information

© Springer Science+Business Media Singapore 2014

Authors and Affiliations

  1. Temasek Laboratories, Nanyang Technological University, Singapore, Singapore